Lucene search
K

205 matches found

OSV
OSV
added 2019/04/04 4:29 p.m.5 views

CVE-2019-1003086

A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpldoTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...

6.5CVSS5.7AI score0.01296EPSS
Exploits0References3
OSV
OSV
added 2019/04/04 4:29 p.m.3 views

CVE-2019-1003091

A missing permission check in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpldoValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...

6.5CVSS6.6AI score0.01486EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2019/04/04 12:0 a.m.7 views

PT-2019-11367 · Jenkins · Jenkins Audit To Database Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Audit to Database Plugin affected versions not specified Description: A missing permission check in the DbAuditPublisherDescriptorImpldoTestJdbcConnection form validation method allows attackers with Overall/Read permission to initiat...

6.5CVSS6.2AI score0.01486EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2019/04/04 12:0 a.m.5 views

PT-2019-11369 · Vmware +1 · Jenkins Vmware Lab Manager Slaves Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins VMware Lab Manager Slaves Plugin affected versions not specified Description: A missing permission check in the LabManager.DescriptorImpldoTestConnection form validation method allows attackers with Overall/Read permission to initiate...

6.5CVSS6.2AI score0.01536EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2019/04/04 12:0 a.m.4 views

PT-2019-11382 · Jenkins · Jenkins Nomad Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Nomad Plugin affected versions not specified Description: A cross-site request forgery issue exists in the NomadCloud.DescriptorImpldoTestConnection form validation method, allowing attackers to initiate a connection to an...

6.5CVSS6.2AI score0.01296EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2019/04/04 12:0 a.m.4 views

PT-2019-11694 · Jenkins · Jenkins Kmap Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Kmap Plugin affected versions not specified Description: A cross-site request forgery issue exists in the form validation methods of KmapJenkinsBuilder.DescriptorImpl, allowing attackers to initiate a connection to an attacker-specifi...

6.5CVSS6.2AI score0.01296EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2019/04/04 12:0 a.m.5 views

PT-2019-11348 · Jenkins · Jenkins Ftp Publisher Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins FTP publisher Plugin affected versions not specified Description: A cross-site request forgery issue exists in the FTPPublisher.DescriptorImpldoLoginCheck method, allowing attackers to initiate a connection to an attacker-specified...

6.5CVSS6.2AI score0.01296EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2019/04/04 12:0 a.m.6 views

PT-2019-11680 · Jenkins · Jenkins Jenkins-Reviewbot Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins jenkins-reviewbot Plugin affected versions not specified Description: A cross-site request forgery issue exists in the ReviewboardDescriptordoTestConnection form validation method, allowing attackers to initiate a connection to an...

6.5CVSS6.2AI score0.01296EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2019/04/04 12:0 a.m.4 views

PT-2019-11372 · Jenkins · Jenkins Gearman Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Gearman Plugin affected versions not specified Description: A cross-site request forgery issue exists in the GearmanPluginConfigdoTestConnection form validation method, allowing attackers to initiate a connection to an...

6.5CVSS6.2AI score0.01296EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2019/04/04 12:0 a.m.4 views

PT-2019-11380 · Jenkins · Jenkins Soasta Cloudtest Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins SOASTA CloudTest Plugin affected versions not specified Description: A cross-site request forgery issue exists in the CloudTestServer.DescriptorImpldoValidate form validation method, allowing attackers to initiate a connection to an...

6.5CVSS6.2AI score0.01296EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2019/04/04 12:0 a.m.6 views

PT-2019-11370 · Jenkins · Jenkins Openshift Deployer Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins OpenShift Deployer Plugin affected versions not specified Description: A cross-site request forgery issue exists in the DeployApplication.DeployApplicationDescriptordoCheckLogin form validation method, allowing attackers to initiate a...

6.5CVSS6.3AI score0.01339EPSS
Exploits0References6
OSV
OSV
added 2019/03/14 2:29 a.m.3 views

CVE-2019-9760

FTPGetter Standard v.5.97.0.177 allows remote code execution when a user initiates an FTP connection to an attacker-controlled machine that sends crafted responses. Long responses can also crash the FTP client with memory corruption...

9.8CVSS6.3AI score0.53093EPSS
Exploits5References2
The Hacker News
The Hacker News
added 2018/09/05 9:9 a.m.3 views

Someone Hijacked MEGA Chrome Extension to Steal Users' Passwords

Warning! If you are using Chrome browser extension from the MEGA file storage service, uninstall it right now. The official Chrome extension for the MEGA.nz cloud storage service had been compromised and replaced with a malicious version that can steal users' credentials for popular websites like...

6.5AI score
Exploits0
OSV
OSV
added 2018/07/31 10:58 p.m.1 views

GHSA-M5H6-HR3Q-22H5 npm Token Leak in npm

Affected versions of the npm package include the bearer token of the logged in user in every request made by the CLI, even if the request is not directed towards the user's active registry. An attacker could create an HTTP server to collect tokens, and by various means including but not limited t...

7.5CVSS7.1AI score0.06748EPSS
Exploits0References9
CNVD
CNVD
added 2018/07/18 12:0 a.m.3 views

Microsoft Enhanced Mitigation Experience Toolkit (EMET) XML External Entity Injection Vulnerability

Microsoft Enhanced Mitigation Experience Toolkit is a security tool introduced in response to vulnerabilities. It protects users from attacks even when patches are not installed through technologies such as Data Execution Protection DEP, Structured Exception Handling Override Protection SEHOP, an...

7.2AI score
Exploits0References1
OSV
OSV
added 2018/03/20 2:29 p.m.3 views

CVE-2018-4844

A vulnerability has been identified in SIMATIC WinCC OA UI for Android All versions V3.15.10, SIMATIC WinCC OA UI for iOS All versions V3.15.10. Insufficient limitation of CONTROL script capabilities could allow read and write access from one HMI project cache folder to other HMI project cache...

6.7CVSS5.8AI score
Exploits0References3
Hacker One
Hacker One
added 2017/11/29 11:8 p.m.59 views

Open-Xchange: SSRF in /appsuite/api/autoconfig

FYI: This was conducted on a local install of App Suite and not the sandbox. App Suite version was: 7.8.4 Rev14 Hello, There is a possible SSRF vulnerability in the following App Suite API endpoint that will primarily allow blind port scanning of the App Suite server and any internal servers...

6.7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2017/09/08 3:14 a.m.7 views

jenkins-plugin-subversion: CSRF vulnerability and insufficient permission checks allow capturing credentials (SECURITY-303)

Subversion Plugin improperly checked permissions, requiring just Item/Build instead of Item/Configure when used. This allows a user to specify an attacker-controlled Subversion server which can then be used to collect credentials used by the Subversion plugin...

6.5CVSS6.5AI score0.01031EPSS
Exploits0References5
OSV
OSV
added 2017/08/31 8:29 p.m.2 views

ALPINE-CVE-2017-0902

RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls...

8.1CVSS6.9AI score0.0475EPSS
Exploits1References1
OSV
OSV
added 2017/08/31 12:0 a.m.2 views

UBUNTU-CVE-2017-0902

RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls...

8.1CVSS7.2AI score0.0475EPSS
Exploits1References7
Rows per page
Query Builder